$300m in cryptocurrency accidentally stolen and lost forever due to bug

More than $300m of cryptocurrency has been lost after a series of bugs in a popular digital wallet service led one curious developer to accidentally take control of and then lock up the funds.

Unlike most cryptocurrency hacks, however, the money wasn’t deliberately taken: it was effectively destroyed by accident. The lost money was in the form of Ether, the tradable currency that fuels the Ethereum distributed app platform, and was kept in digital multi-signature wallets built by a developer called Parity. These wallets require more than one user to enter their key before funds can be transferred.

On Tuesday Parity revealed that, while fixing a bug that let hackers steal $32m out of a few multi-signature wallets, it had inadvertently introduced a new flaw into its systems that allowed one user to become the sole owner of every single multi-signature wallet.

The user, “devops199”, triggered the flaw apparently by accident. When they realised what they had done, they attempted to undo the damage by deleting the code which had transferred ownership of the funds. Rather than returning the money, however, that simply locked all the funds in those multisignature wallets permanently, with no way to access them.

Effectively, a user accidentally stole hundreds of wallets simultaneously, and then set them on fire in a panic while trying to give them back.

“We are analysing the situation and will release an update with further details shortly,” Parity told users.

Hard fork

Some are pushing for a “hard fork” of Ethereum, which would undo the damage by effectively asking 51% of the currency’s users to agree to pretend that it had never happened in the first place. That would require a change to the code that controls Ethereum, and then that change to be adopted by the majority of the user base. The risk is that some of the community refuses to accept the change, resulting in a split into two parallel groups.

Such an act isn’t unheard of: another hack, two years ago, of an Ethereum app called the DAO resulted in $150m being stolen. The hard fork was successful then, but the money stolen represented a much larger portion of the entire Ethereum market than the $300m lost to Parity.

The lost $300m follows the discovery of a bug in July that led to the theft of $32m in ether from just three multisignature wallets. A marathon coding and hacking effort was required to secure another $208m against theft. Patching that bug led to the flaw in Parity’s system that devops199 triggered by accident.

Ethereum has rapidly become the second most important cryptocurrency, after Bitcoin, with its price increasing more than 2,500% over the past year. One token of Ether is now worth a little over $285, up from $8 in January.

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court.

The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent. The federation of German consumer organisations (VZBV), which brought the suit, argued that Facebook opted users in to features which it should not have.

Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.”

In a statement, VZBV elaborated on some of its issues: “In the Facebook app for smartphones, for example, a location service was pre-activated that reveals a user’s location to people they are chatting to.

“In the privacy settings, ticks were already placed in boxes that allowed search engines to link to the user’s timeline. This meant that anyone could quickly and easily find personal Facebook profiles.”

The Berlin court agreed with VZBV that the five default settings the group had complained about were invalid as declarations of consent. The German language judgment was handed down in mid-January, but only publicly revealed on Monday.

The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes. The company’s “authentic name” policy – a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by – was also ruled unlawful.

In a statement, Facebook said it would appeal, adding: “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law.”

A week after the Berlin court ruled against Facebook, the social network promised to radically overhaul its privacy settings, saying the work would prepare it for the introduction in Europe of the General Data Protection Regulation (GDPR), a sweeping set of laws governing data use across the EU.

Sheryl Sandberg, Facebook’s chief operating officer, announced the changes, saying they would “put the core privacy settings for Facebook in one place and make it much easier for people to manage their data”.

The European Union’s new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making.

GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a “one-stop-shop” for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board.

The new laws govern the processing and storage of EU citizens’ data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation.

GDPR will refine and enshrine the “right to be forgotten” laws as the “right to erasure”, and give EU citizens the right to data portability, meaning they can take data from one organisation and give it to another. It will also bolster the requirement for explicit and informed consent before data is processed, and ensure that it can be withdrawn at any time.

To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted.

Facebook has faced repeated attacks from European regulators, particularly those in Germany, over issues ranging from perceived anti-competitive practices to alleged misuse of customer data.

Since March 2016, the company has been investigated by the German Federal Cartel Office over allegations it breaches data protection law in order to support an unfair monopoly. In an interim update in December last year, the office said that it objected to the way Facebook gains access to third-party data when an account is opened. This includes transferring information from its own WhatsApp and Instagram products – as well as how it tracks which sites its users access.

In October, Facebook was the target of an EU-wide investigation over a similar issue. The Article 29 Working Party (WP29), which oversees data regulation issues across the European Union, launched a taskforce to examine the sharing of user data between WhatsApp and Facebook, which it says does not have sufficient user consent. When the data sharing feature was first announced in 2016, the group warned Facebook that it may not be legal under European law, prompting the company to pause the data transfer until a resolution was found.

“Whilst the WP29 notes there is a balance to be struck between presenting the user with too much information and not enough, the initial screen made no mention at all of the key information users needed to make an informed choice, namely that clicking the agree button would result in their personal data being shared with the Facebook family of companies,” the group told WhatsApp in October.

Samsung S9 vs iPhone X vs Pixel 2: which one should you buy?

In the last five months, three of the most well-known smartphone manufacturers – Apple, Samsung and Google – have announced new flagship devices. Google led the pack in October with the release of its Pixel 2, with Apple following a month later with the iPhone X. Now Samsung has revealed its own hand with the announcement of the Galaxy S9 at Mobile World Congress in Barcelona.

There’s not a great deal separating these devices at the top-end of the smartphone market, although each device has its own strengths and weaknesses in different areas. So to help you work out the best device for your own needs, we’ve put together a guide to how they compare.

Design

The Pixel 2 has a five-inch 1080p AMOLED display with a chunky bezel at the top and bottom of the screen. This is the smallest screen of the three flagships, which is to be expected since it has the smallest overall footprint too, but it does feel a little squeezed compared to the other two phones. Flip the Pixel 2 over and you’ll find some models have a contrast colour scheme on the back, with the top section of the phone a slightly different shade to the rest of the back. Whether this rocks your boat is down to personal preference, but it’s a nice touch of personality that is sometimes missing from these top-tier devices.

Enter the Samsung Galaxy S9. Its 5.8-inch Quad HD AMOLED screen takes up almost all of the front of the device, leaving just a narrow strip of bezel at either end. At either side, the screen gently curves around the sides of the device, blending neatly into the rear. On the back of the phone, the fingerprint scanner has been shifted to sit directly beneath the camera. Compared to the Pixel 2, the S9 is a much slicker-looking device, all smooth curves and shiny glass, that fits much more screen into a similarly-sized device. It’s also the only one of these devices to have a 3.5 mm headphone jack, so if you’re still fully wired up, this is the phone for you.

The iPhone X also has a 5.8-inch screen, even though the device as a whole is a tad smaller than the S9. And as is the case with the S9, the iPhone X screen fills almost the entire front of the device, save for the notorious notch that takes a chunk out at the very top. There’s no fingerprint scanner on the iPhone X, since Apple decided to go all-in on Face ID with this model, and some people might find it more inconvenient using their face to verify payments or unlock the device instead of a finger, so that’s worth bearing in mind if you’re picking between the devices.

Camera

All three of these phones have extremely capable cameras, so picking between them again comes down to a matter of personal taste. The single-lens 12.2 megapixel rear-facing camera on the Pixel 2 has an aperture with an f-stop of 1.8, which makes it particularly well-suited to photography in low-light conditions – and recent software updates have given the camera another boost. Aside from its snapping skills, Google has integrated some machine learning smarts into its camera so you can point it at an object in the real world and use Google Assistant to identify it and bring up relevant information.

Since it’s only just been announced, the jury is still out on the Galaxy S9 camera, although initial indications are that Samsung has managed to set a new high when it comes to smartphone cameras. Like the Pixel 2, the main S9 camera also has one lens, and a 12 megapixel sensor, but the S9 has another trick up its sleeve. A variable aperture feature widens up the camera’s f-stop in low light conditions, letting in way more light than most smartphone cameras are able to capture in relative darkness. In normal light conditions, the camera automatically switches to a more conventional f-stop for better focussing. The ability to record slow-mo at 960 fps is a nice touch, too.

The iPhone X also has a 12 megapixel sensor, but this one is a part of a dual-lens setup, with one wide-angle lens paired with a telephoto lens for photos with plenty of Instagram-friendly bokeh. Dual optical image stabilisation smooths out videos taken in bumpy circumstances while the X’s quad-LED flash is supposed to smoothly light backgrounds and foregrounds without washing subjects out.

Specs

There’s not an awful lot between these phones when it comes to their insides. The S9 and Pixel 2 both have super-fast eight-core processors, while the X’s six-core processor is more than capable of powering everything the phone can do. If plenty of storage capacity is a must, then the S9 has a Micro SD slot that can fit in up to a 400 GB SD card, while the Pixel and the X both max out at 256 GB. When it comes to battery, however, the S9 leads the pack with its 3,000mAh battery, while the X’s battery weighs in at 2716mAh and the Pixel 2 at 2,700. All should last a day of mixed use.

Conclusion

If you’re in the market for a new phone and only the best will do, then you’ve got a tough decision ahead of you. In terms of specs, these phones are more or less on par with each other, but if a big screen is a must then you can rule out the Pixel 2 and decide between the other contenders. Photos are more subjective, and each of these phones will hardly disappoint in the camera department, so it’s worth taking the time to get hands-on with these devices and take a few test shots to decide which one is really ticking your boxes. Whichever you choose, you can’t go far wrong.